Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

The Zero Day Initiative said that the number of bugs reported in 2018 is on track to trump its previous busiest year, 2017.

Zero Day Initiative said Monday that so far in 2018, it has published 600 advisories – up 33 percent from the 451 published in 2017, which was previously its “busiest year ever.”

“Interestingly, we had fewer advisories released as 0-day this year,” the company said in its mid-year report on advisories. “The first six months of 2018 saw only 23 advisories exceed our coordination timelines as opposed to 49 last year – a decrease of 42%. That means we successfully coordinated 577 bug reports with the vendor to release alongside a security patch or other mitigation.”

Here are some of the biggest bug report trends in 2018, so far:

SCADA bugs are continually on the rise, with those types of bugs accounting for more than 30 percent of submissions to the program. ZDI said that bugs were reported in Delta Industrial and Omron products, but Advantech ultimately rose to the number one spot on the bug reports list.

Bugs reported in Microsoft products has jumped up 121 percent year-over-year, with many of these bugs being reported in browsers. “Overall, Microsoft only released 8% more patches in the first half of this year versus the first half of 2017, so the rise in bug reports to the program shows program growth rather than just increased bugs in Microsoft products,” said ZDI.

Adobe bugs reported remains consistent, as there were only two more Adobe reports this year over last year.

ZDI said it is seeing more bug reports at virtualization software like Oracle VirtualBox this year. Overall, reports on the virtualization product are up 275 percent since last year, the researchers said.

ZDI said that it sees continued growth in vulnerability research – and also an increase in the potential bugs reported: “It’s impossible to predict how the rest of 2018 will go, but if we use 2017 as a guide, it will be even busier,” it said in its report.

According to the Zero Day Initiative, here is the breakdown of vendors for published advisories from January through June of 2018:

(ThreatList is an occasional overview of InfoSec landscape as represented in at-a-glance lists of relevant data.)

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.